The next thing they should all join forces for is to do away with free email accounts. Make a one-time registration fee of a nominal amount like $5 or $10. This way the bots that spammers use to create thousands of [name free email provider] email accounts will either be rendered useless or the process will be prohibitively expensive. Even if each address is able to send 10 or 15 emails before it gets closed down.
"the senders of emails can provide proof to indicate that their emails are protected by SPF and DKIM and include instructions what to do with the message if the authentication fails. For example, the message can be automatically deleted by the recipient system - or simply be rejected."
This is the part that I'm having trouble with.
What "proof"? How efficient would this "proof" be?
Can they just add the "proof" anyway?
Are there any limits on these "proofs"?
Or they would simply find an exploit and it would be the same or worse.
Don't get me wrong, I agree with everyone here so far....
But I would like to see more details about this.
This wouldn't help with spam (despite the picture) or generic scams, just phishing. So we'd still get the Nigerian princes, the "male medicine", the R0lllllex and the rest. The only stuff you wouldn't get is stuff telling you to log in to [insert bank/store/social network].
TBH, this will only be half successful. SPF and DKIM let them do this stuff already (and, worryingly, only *some* banks do it) if and only if the receiving server checks the records *and* the sender marks a hard fail rather than a soft fail (which says "I don't think it is legit, but don't ditch it just in case"). What it will miss out on is bankofarnerica.com and the like - you can still phish with an almost-but-not-quite-identical domain name (and even have a legitimate SSL certificate for it).
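
The hard-fail versus soft-fail distinction and the lookalike-domain gap discussed in the comments above, shown as an added example that is not part of any comment or of the quoted article. The TXT records are constructed for made-up domains, and `receiver_action` is a simplified, hypothetical decision rule; real receivers apply their own local policy.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_all_result(spf_txt):
    """What the SPF record says about senders it does not list (redirect= ignored)."""
    terms = (spf_txt or "").lower().split()
    if not terms or terms[0] != "v=spf1":
        return None  # no SPF record published
    for term in terms[1:]:
        m = re.fullmatch(r"([-+~?]?)all", term)
        if m:
            return QUALIFIERS[m.group(1) or "+"]
    return "neutral"  # nothing matched and no 'all': SPF default is neutral

def dmarc_policy(dmarc_txt):
    """Return the p= tag of a DMARC record (none/quarantine/reject), else None."""
    tags = {}
    for part in (dmarc_txt or "").split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p") if tags.get("v") == "dmarc1" else None

def receiver_action(records, spf_aligned_pass, dkim_aligned_pass):
    """Simplified decision for one message claiming the domain `records` belongs to."""
    if spf_aligned_pass or dkim_aligned_pass:
        return "deliver"  # one aligned pass is enough
    policy = dmarc_policy(records.get("dmarc"))
    if policy in ("quarantine", "reject"):
        return policy
    # No enforcing policy: only an SPF hard fail justifies rejecting.
    return "reject" if spf_all_result(records.get("spf")) == "fail" else "deliver-flagged"

# Constructed TXT records for three made-up domains.
HARD = {"spf": "v=spf1 ip4:192.0.2.0/24 -all", "dmarc": "v=DMARC1; p=reject"}
SOFT = {"spf": "v=spf1 ip4:192.0.2.0/24 ~all", "dmarc": "v=DMARC1; p=none"}
LOOKALIKE = {"spf": "v=spf1 ip4:198.51.100.7 -all", "dmarc": "v=DMARC1; p=reject"}

if __name__ == "__main__":
    print(receiver_action(HARD, False, False))      # forged mail, strict domain
    print(receiver_action(SOFT, False, False))      # forged mail, lenient domain
    print(receiver_action(LOOKALIKE, True, True))   # lookalike sending as itself
```

The third case is the gap: a lookalike domain that publishes its own strict records authenticates cleanly, so catching it takes domain-similarity checks on the receiving side rather than SPF, DKIM or the published policy.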